MySQL  8.0.19
Source Code Documentation
sql_rewrite.h
Go to the documentation of this file.
1 /* Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
2 
3  This program is free software; you can redistribute it and/or modify
4  it under the terms of the GNU General Public License, version 2.0,
5  as published by the Free Software Foundation.
6 
7  This program is also distributed with certain software (including
8  but not limited to OpenSSL) that is licensed under separate terms,
9  as designated in a particular file or component or in included license
10  documentation. The authors of MySQL hereby grant you an additional
11  permission to link the program and your derivative works with the
12  separately licensed software that they have included with MySQL.
13 
14  This program is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  GNU General Public License, version 2.0, for more details.
18 
19  You should have received a copy of the GNU General Public License
20  along with this program; if not, write to the Free Software
21  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22 
23 #ifndef SQL_REWRITE_INCLUDED
24 #define SQL_REWRITE_INCLUDED
25 
26 #include <set>
27 #include "my_sqlcommand.h"
28 #include "sql/table.h"
29 
30 /* Forward declarations */
31 class THD;
32 class LEX_GRANT_AS;
33 /**
34  Target types where the rewritten query will be added. Query rewrite might
35  vary based on this type.
36 */
37 enum class Consumer_type {
38  TEXTLOG, /* General log, slow query log and audit log */
39  BINLOG, /* Binary logs */
40  STDOUT /* Standard output */
41 };
42 
43 /**
44  An interface to wrap the paramters required by specific Rewriter.
45  Parameters required by specific Rewriter must be added in the concrete
46  implementation.
47  Clients need to wrap the parameters in specific concrete object.
48 */
50  protected:
51  virtual ~Rewrite_params() {}
52 };
53 
54 /**
55  Wrapper object for user related parameters required by:
56  SET PASSWORD|CREATE USER|ALTER USER statements.
57 */
58 class User_params : public Rewrite_params {
59  public:
60  User_params(std::set<LEX_USER *> *users_set)
61  : Rewrite_params(), users(users_set) {}
62  std::set<LEX_USER *> *users;
63 };
64 
65 /**
66  Wrapper object for parameters required by SHOW CREATE USER statement.
67 */
69  public:
70  Show_user_params(bool hide_password_hash, bool print_identified_with_as_hex)
71  : Rewrite_params(),
73  print_identified_with_as_hex_(print_identified_with_as_hex) {}
76 };
77 
78 /**
79  Wrapper object for parameters required for GRANT statement.
80 */
81 class Grant_params : public Rewrite_params {
82  public:
83  Grant_params(bool grant_as_specified, LEX_GRANT_AS *grant_as)
84  : Rewrite_params(),
85  grant_as_provided(grant_as_specified),
86  grant_as_info(grant_as) {}
89 };
90 
91 /**
92  Provides the default interface to rewrite the SQL statements to
93  to obfuscate passwords.
94  It either sets the thd->rewritten_query with a rewritten query,
95  or clears it if no rewriting took place.
96 */
98  Rewrite_params *params = nullptr);
99 /**
100  Provides the default interface to rewrite the ACL query.
101  It sets the thd->rewritten_query with a rewritten query.
102 */
104  Rewrite_params *params = nullptr,
105  bool do_ps_instrument = true);
106 
107 /**
108  An abstract base class to enable the implementation of various query
109  rewriters. It accepts a THD pointer and the intended target type where the
110  query will to be written. It either sets the thd->rewritten_query with a
111  rewritten query, or clears it if no rewriting took place. Concrete classes
112  must implement the rewrite() method to rewrite the query. Despite concrete
113  classes may accept additional parameters, it is recommended not to create
114  their objects directly.
115 */
116 class I_rewriter {
117  public:
118  /* Constructors and destructors */
120  virtual ~I_rewriter();
121  /* Prohibit the copy of the object */
122  I_rewriter(const I_rewriter &) = delete;
123  const I_rewriter &operator=(const I_rewriter &) = delete;
124  I_rewriter(const I_rewriter &&) = delete;
125  const I_rewriter &operator=(const I_rewriter &&) = delete;
126  /* Reset the previous consumer type before rewriting the query */
128  /* Return the current consumer type */
130  /* Concrete classes must implement the logic to rewrite query here */
131  virtual bool rewrite() const = 0;
132 
133  protected:
134  THD *const m_thd;
136 };
137 /**
138  Abstract base class to define the skeleton of rewriting the users, yet
139  deferring some steps to the concrete classes. The implementation in specific
140  steps might vary according to SQL or the consumer type.
141 */
142 class Rewriter_user : public I_rewriter {
143  protected:
144  Rewriter_user(THD *thd, Consumer_type target_type);
145  /*
146  Provides the skeleton to rewrite the users. The actual user is rewritten
147  through the concrete implementation of private methods.
148  */
149  void rewrite_users(LEX *lex, String *str) const;
150  /* Append the literal value <secret> to the str */
151  void append_literal_secret(String *str) const;
152  /* Append the password hash to the output string */
153  virtual void append_auth_str(LEX_USER *lex, String *str) const;
154  /* Append the authentication plugin name for the user */
155  void append_plugin_name(const LEX_USER *user, String *str) const;
156  /*
157  Rewrites some of the user specific properties which are common to
158  concrete classes.
159  */
160  virtual bool rewrite() const;
161  /*
162  Abstract method to be implemented by the concrete classes.
163  The implementation methos should add the user authID, plugin info and
164  auth str
165  */
166  virtual void append_user_auth_info(LEX_USER *user, bool comma,
167  String *str) const = 0;
168  /* Append the PASSWORD REUSE OPTIONS clause for users */
169  virtual void rewrite_password_history(const LEX *lex, String *str) const = 0;
170  /* Append the PASSWORD REUSE OPTIONS clause for users */
171  virtual void rewrite_password_reuse(const LEX *lex, String *str) const = 0;
172 
173  private:
174  /* Append the SSL OPTIONS clause for users */
175  void rewrite_ssl_properties(const LEX *lex, String *str) const;
176  /* Append the RESOURCES OPTIONS clause for users */
177  void rewrite_user_resources(const LEX *lex, String *str) const;
178  /* Append the ACCOUNT LOCK OPTIONS clause for users */
179  void rewrite_account_lock(const LEX *lex, String *str) const;
180  /* Append the PASSWORD EXPIRED OPTIONS clause for users */
181  void rewrite_password_expired(const LEX *lex, String *str) const;
182  /* Append the PASSWORD REQUIRE CURRENT clause for users */
183  void rewrite_password_require_current(LEX *lex, String *str) const;
184  /* Append FAILED_LOGIN_ATTEMPTS/PASSWORD_LOCK_TIME */
185  void rewrite_account_lock_state(LEX *lex, String *str) const;
186  /* Append the DEFAULT ROLE OPTIONS clause */
187  void rewrite_default_roles(const LEX *lex, String *str) const;
188 };
189 /** Rewrites the CREATE USER statement. */
192 
193  public:
195  bool rewrite() const override;
196 
197  private:
199  String *str) const override;
200  void rewrite_password_history(const LEX *lex, String *str) const override;
201  void rewrite_password_reuse(const LEX *lex, String *str) const override;
202 };
203 /** Rewrites the ALTER USER statement. */
206 
207  public:
209  bool rewrite() const override;
210 
211  private:
213  String *str) const override;
214  void rewrite_password_history(const LEX *lex, String *str) const override;
215  void rewrite_password_reuse(const LEX *lex, String *str) const override;
216 };
217 /** Rewrites the SHOW CREATE USER statement. */
220 
221  public:
223  Rewrite_params *params);
224  bool rewrite() const override;
225 
226  protected:
227  /* Append the password hash to the output string */
228  virtual void append_auth_str(LEX_USER *lex, String *str) const override;
229 
230  private:
232  String *str) const override;
233  void rewrite_password_history(const LEX *lex, String *str) const override;
234  void rewrite_password_reuse(const LEX *lex, String *str) const override;
236 };
237 /** Rewrites the SET statement. */
238 class Rewriter_set : public I_rewriter {
239  public:
241  bool rewrite() const override;
242 };
243 /*
244  Rewrites the SET PASSWORD statement
245 */
248 
249  public:
251  bool rewrite() const override;
252 
253  private:
254  /* Name of the user whose password has to be changed */
255  std::set<LEX_USER *> *m_users = nullptr;
256 };
257 
258 /** Rewrites the GRANT statement. */
260  public:
262  bool rewrite() const override;
263 
264  private:
265  /* GRANT AS information */
267 };
268 
269 /** Rewrites the CHANGE MASTER statement. */
271  public:
273  bool rewrite() const override;
274 };
275 
276 /** Rewrites the START SLAVE statement. */
278  public:
280  bool rewrite() const override;
281 };
282 /** Base class for SERVER OPTIONS related statement */
284  public:
286 
287  protected:
288  // Append the SERVER OPTIONS clause
289  void mysql_rewrite_server_options(const LEX *lex, String *str) const;
290 };
291 /** Rewrites the CREATE SERVER statement. */
294 
295  public:
297  bool rewrite() const override;
298 };
299 /** Rewrites the ALTER SERVER statement. */
302 
303  public:
305  bool rewrite() const override;
306 };
307 
308 /** Rewrites the PREPARE statement.*/
310  public:
312  bool rewrite() const override;
313 };
314 #endif /* SQL_REWRITE_INCLUDED */
Rewriter_set::rewrite
bool rewrite() const override
Rewrite the query for the SET statement.
Definition: sql_rewrite.cc:929
Rewriter_alter_server::Rewriter_alter_server
Rewriter_alter_server(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1443
Rewriter_alter_user::rewrite_password_history
void rewrite_password_history(const LEX *lex, String *str) const override
Append the PASSWORD HISTORY clause for users iff it is specified.
Definition: sql_rewrite.cc:809
THD
Definition: sql_class.h:764
Grant_params::grant_as_info
LEX_GRANT_AS * grant_as_info
Definition: sql_rewrite.h:88
User_params::users
std::set< LEX_USER * > * users
Definition: sql_rewrite.h:62
Rewriter_user::append_auth_str
virtual void append_auth_str(LEX_USER *lex, String *str) const
Append the password hash to the output string.
Definition: sql_rewrite.cc:416
Rewriter_alter_user::Rewriter_alter_user
Rewriter_alter_user(THD *thd, Consumer_type type=Consumer_type::TEXTLOG)
Definition: sql_rewrite.cc:741
Grant_params::grant_as_provided
bool grant_as_provided
Definition: sql_rewrite.h:87
Rewriter_set_password::rewrite
bool rewrite() const override
Rewrite the query for the SET PASSWORD statement.
Definition: sql_rewrite.cc:960
Rewriter_show_create_user::append_auth_str
virtual void append_auth_str(LEX_USER *lex, String *str) const override
A special rewriter override to make SHOW CREATE USER convert the string to hex if print_identified_wi...
Definition: sql_rewrite.cc:855
Show_user_params::print_identified_with_as_hex_
bool print_identified_with_as_hex_
Definition: sql_rewrite.h:75
my_sqlcommand.h
Rewriter_user
Abstract base class to define the skeleton of rewriting the users, yet deferring some steps to the co...
Definition: sql_rewrite.h:142
Rewriter_alter_server
Rewrites the ALTER SERVER statement.
Definition: sql_rewrite.h:300
Rewriter_set_password::Rewriter_set_password
Rewriter_set_password(THD *thd, Consumer_type type, Rewrite_params *params)
Definition: sql_rewrite.cc:946
Consumer_type::STDOUT
@ STDOUT
String
Using this class is fraught with peril, and you need to be very careful when doing so.
Definition: sql_string.h:164
User_params::User_params
User_params(std::set< LEX_USER * > *users_set)
Definition: sql_rewrite.h:60
Consumer_type
Consumer_type
Target types where the rewritten query will be added.
Definition: sql_rewrite.h:37
Rewriter_change_master
Rewrites the CHANGE MASTER statement.
Definition: sql_rewrite.h:270
Show_user_params
Wrapper object for parameters required by SHOW CREATE USER statement.
Definition: sql_rewrite.h:68
User_params
Wrapper object for user related parameters required by: SET PASSWORD|CREATE USER|ALTER USER statement...
Definition: sql_rewrite.h:58
Rewriter_server_option
Base class for SERVER OPTIONS related statement.
Definition: sql_rewrite.h:283
Rewriter_user::rewrite_account_lock
void rewrite_account_lock(const LEX *lex, String *str) const
Append the ACCOUNT LOCK clause for users iff it is specified.
Definition: sql_rewrite.cc:495
Rewriter_grant::rewrite
bool rewrite() const override
Rewrite the query for the GRANT statement.
Definition: sql_rewrite.cc:1020
Rewriter_create_user::Rewriter_create_user
Rewriter_create_user(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:665
Rewriter_create_user::rewrite_password_history
void rewrite_password_history(const LEX *lex, String *str) const override
Append the PASSWORD HISTORY clause for users iff it is specified.
Definition: sql_rewrite.cc:723
Rewriter_user::rewrite_password_require_current
void rewrite_password_require_current(LEX *lex, String *str) const
Append the PASSWORD REQUIRE CURRENT clause for users.
Definition: sql_rewrite.cc:531
Rewriter_alter_user
Rewrites the ALTER USER statement.
Definition: sql_rewrite.h:204
I_rewriter::rewrite
virtual bool rewrite() const =0
LEX_USER
Definition: table.h:2366
mysql_rewrite_query
void mysql_rewrite_query(THD *thd, Consumer_type type=Consumer_type::TEXTLOG, Rewrite_params *params=nullptr)
Provides the default interface to rewrite the SQL statements to to obfuscate passwords.
Definition: sql_rewrite.cc:318
Consumer_type::TEXTLOG
@ TEXTLOG
Rewriter_alter_user::rewrite_password_reuse
void rewrite_password_reuse(const LEX *lex, String *str) const override
Append the PASSWORD REUSE clause for users iff it is specified.
Definition: sql_rewrite.cc:821
Rewriter_create_server::rewrite
bool rewrite() const override
Rewrite the query for the CREATE SERVER statement.
Definition: sql_rewrite.cc:1423
Rewriter_show_create_user::rewrite_password_history
void rewrite_password_history(const LEX *lex, String *str) const override
Append the PASSWORD HISTORY clause for users.
Definition: sql_rewrite.cc:881
Rewriter_create_user::rewrite_password_reuse
void rewrite_password_reuse(const LEX *lex, String *str) const override
Append the PASSWORD REUSE clause for users iff it is specified.
Definition: sql_rewrite.cc:735
Rewriter_create_server::Rewriter_create_server
Rewriter_create_server(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1396
Rewriter_create_user::rewrite
bool rewrite() const override
Rewrite the query for the CREATE USER statement.
Definition: sql_rewrite.cc:673
LEX_GRANT_AS
Definition: sql_lex.h:3207
Rewriter_user::rewrite_account_lock_state
void rewrite_account_lock_state(LEX *lex, String *str) const
Append the account lock state.
Definition: sql_rewrite.cc:560
Grant_params::Grant_params
Grant_params(bool grant_as_specified, LEX_GRANT_AS *grant_as)
Definition: sql_rewrite.h:83
I_rewriter::operator=
const I_rewriter & operator=(const I_rewriter &)=delete
I_rewriter::m_consumer_type
Consumer_type m_consumer_type
Definition: sql_rewrite.h:135
Rewriter_alter_server::rewrite
bool rewrite() const override
Rewrite the query for the ALTER SERVER statement.
Definition: sql_rewrite.cc:1452
Rewrite_params::~Rewrite_params
virtual ~Rewrite_params()
Definition: sql_rewrite.h:51
Consumer_type::BINLOG
@ BINLOG
Rewriter_prepare::rewrite
bool rewrite() const override
Rewrite the query for the PREPARE statement.
Definition: sql_rewrite.cc:1477
Rewriter_user::rewrite_ssl_properties
void rewrite_ssl_properties(const LEX *lex, String *str) const
Append the SSL clause for users iff it is specified.
Definition: sql_rewrite.cc:426
Rewriter_prepare::Rewriter_prepare
Rewriter_prepare(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1468
Rewriter_user::rewrite_user_resources
void rewrite_user_resources(const LEX *lex, String *str) const
Append the user resource clauses for users.
Definition: sql_rewrite.cc:468
Rewriter_alter_user::rewrite
bool rewrite() const override
Rewrite the query for the ALTER USER statement.
Definition: sql_rewrite.cc:749
Rewriter_slave_start
Rewrites the START SLAVE statement.
Definition: sql_rewrite.h:277
Rewriter_server_option::Rewriter_server_option
Rewriter_server_option(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1394
Rewriter_show_create_user
Rewrites the SHOW CREATE USER statement.
Definition: sql_rewrite.h:218
I_rewriter::consumer_type
Consumer_type consumer_type()
Return the current consumer type set in the object.
Definition: sql_rewrite.cc:375
Rewriter_user::Rewriter_user
Rewriter_user(THD *thd, Consumer_type target_type)
Definition: sql_rewrite.cc:377
Rewriter_user::append_user_auth_info
virtual void append_user_auth_info(LEX_USER *user, bool comma, String *str) const =0
I_rewriter::~I_rewriter
virtual ~I_rewriter()
Definition: sql_rewrite.cc:361
Rewriter_user::rewrite_password_history
virtual void rewrite_password_history(const LEX *lex, String *str) const =0
The default implementation is to append the PASSWORD HISTORY clause iff it is specified.
Definition: sql_rewrite.cc:601
Rewriter_show_create_user::Rewriter_show_create_user
Rewriter_show_create_user(THD *thd, Consumer_type type, Rewrite_params *params)
Definition: sql_rewrite.cc:827
Rewriter_user::rewrite
virtual bool rewrite() const
Appends the essential clauses for SHOW CREATE|CREATE|ALTER USER statements in the thd->rewritten_quer...
Definition: sql_rewrite.cc:386
Rewriter_show_create_user::append_user_auth_info
void append_user_auth_info(LEX_USER *user, bool comma, String *str) const override
Append the authID, plugin name and suth str user to output string.
Definition: sql_rewrite.cc:902
Show_user_params::Show_user_params
Show_user_params(bool hide_password_hash, bool print_identified_with_as_hex)
Definition: sql_rewrite.h:70
Rewriter_user::append_literal_secret
void append_literal_secret(String *str) const
Append the literal <secret> in place of password to the output string.
Definition: sql_rewrite.cc:406
user
char * user
Definition: mysqladmin.cc:59
Rewriter_show_create_user::rewrite_password_reuse
void rewrite_password_reuse(const LEX *lex, String *str) const override
Append the PASSWORD REUSE clause for users.
Definition: sql_rewrite.cc:891
I_rewriter::m_thd
THD *const m_thd
Definition: sql_rewrite.h:134
comma
const string comma(" , ")
Rewriter_set
Rewrites the SET statement.
Definition: sql_rewrite.h:238
Rewriter_server_option::mysql_rewrite_server_options
void mysql_rewrite_server_options(const LEX *lex, String *str) const
Append the SERVER OPTIONS clause.
Definition: sql_rewrite.cc:1404
LEX
Definition: sql_lex.h:3221
Rewriter_user::rewrite_users
void rewrite_users(LEX *lex, String *str) const
Fetch the users from user_list in LEX struct and append them to the String.
Definition: sql_rewrite.cc:632
Rewriter_create_user
Rewrites the CREATE USER statement.
Definition: sql_rewrite.h:190
I_rewriter::I_rewriter
I_rewriter(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:356
I_rewriter
An abstract base class to enable the implementation of various query rewriters.
Definition: sql_rewrite.h:116
Rewriter_set_password::m_users
std::set< LEX_USER * > * m_users
Definition: sql_rewrite.h:255
Rewriter_user::rewrite_password_expired
void rewrite_password_expired(const LEX *lex, String *str) const
Append the PASSWORD EXPIRE clause for users iff it is specified.
Definition: sql_rewrite.cc:510
Grant_params
Wrapper object for parameters required for GRANT statement.
Definition: sql_rewrite.h:81
Rewriter_user::rewrite_password_reuse
virtual void rewrite_password_reuse(const LEX *lex, String *str) const =0
The default implementation is to append the PASSWORD REUSE clause iff it is specified.
Definition: sql_rewrite.cc:617
Rewriter_change_master::rewrite
bool rewrite() const override
Rewrite the query for the CHANGE MASTER statement.
Definition: sql_rewrite.cc:1209
Rewriter_grant::grant_params
Grant_params * grant_params
Definition: sql_rewrite.h:266
HttpMethod::type
int type
Definition: http_common.h:411
mysql_rewrite_acl_query
void mysql_rewrite_acl_query(THD *thd, Consumer_type type, Rewrite_params *params=nullptr, bool do_ps_instrument=true)
Provides the default interface to rewrite the ACL query.
Definition: sql_rewrite.cc:345
Rewrite_params
An interface to wrap the paramters required by specific Rewriter.
Definition: sql_rewrite.h:49
Rewriter_create_server
Rewrites the CREATE SERVER statement.
Definition: sql_rewrite.h:292
Rewriter_grant::Rewriter_grant
Rewriter_grant(THD *thd, Consumer_type type, Rewrite_params *params)
Definition: sql_rewrite.cc:1009
table.h
Rewriter_prepare
Rewrites the PREPARE statement.
Definition: sql_rewrite.h:309
Rewriter_user::append_plugin_name
void append_plugin_name(const LEX_USER *user, String *str) const
Append the authentication plugin name for the user.
Definition: sql_rewrite.cc:580
Rewriter_grant
Rewrites the GRANT statement.
Definition: sql_rewrite.h:259
Rewriter_create_user::append_user_auth_info
void append_user_auth_info(LEX_USER *user, bool comma, String *str) const override
Append the authID, plugin and auth str of the user to output string :
Definition: sql_rewrite.cc:696
Rewriter_show_create_user::rewrite
bool rewrite() const override
Rewrite the query for the SHOW CREATE USER statement.
Definition: sql_rewrite.cc:838
Rewriter_slave_start::rewrite
bool rewrite() const override
Rewrite the query for the SLAVE START statement.
Definition: sql_rewrite.cc:1332
final
#define final(a, b, c)
Definition: hash.c:109
Rewriter_change_master::Rewriter_change_master
Rewriter_change_master(THD *thd, Consumer_type)
Definition: sql_rewrite.cc:1199
I_rewriter::set_consumer_type
void set_consumer_type(Consumer_type type)
Reset the previous consumer type.
Definition: sql_rewrite.cc:367
Show_user_params::hide_password_hash
bool hide_password_hash
Definition: sql_rewrite.h:74
Rewriter_set::Rewriter_set
Rewriter_set(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:919
Rewriter_set_password
Definition: sql_rewrite.h:246
Rewriter_alter_user::append_user_auth_info
void append_user_auth_info(LEX_USER *user, bool comma, String *str) const override
Append the authID, plugin and auth str of the user to output string :
Definition: sql_rewrite.cc:771
Rewriter_slave_start::Rewriter_slave_start
Rewriter_slave_start(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1324
Rewriter_user::rewrite_default_roles
void rewrite_default_roles(const LEX *lex, String *str) const
Append the DEFAULT ROLE clause for users iff it is specified.
Definition: sql_rewrite.cc:650
Rewriter_show_create_user::show_params_
Show_user_params * show_params_
Definition: sql_rewrite.h:235